Vulnerabilities > Cesanta > Mongoose

DATE CVE VULNERABILITY TITLE RISK
2021-02-08 CVE-2021-26530 Out-Of-Bounds Write vulnerability in Cesanta Mongoose 7.0
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to a remote OOB write attack via a connection request after exhausting the memory pool.
network
low complexity
cesanta CWE-787
6.4
2021-02-08 CVE-2021-26529 Out-Of-Bounds Write vulnerability in Cesanta Mongoose
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to a remote OOB write attack via a connection request after exhausting the memory pool.
network
low complexity
cesanta CWE-787
6.4
2021-02-08 CVE-2021-26528 Out-Of-Bounds Write vulnerability in Cesanta Mongoose 7.0
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to a remote OOB write attack via a connection request after exhausting the memory pool.
network
low complexity
cesanta CWE-787
6.4
2020-09-18 CVE-2020-25756 Classic Buffer Overflow vulnerability in Cesanta Mongoose 6.18
** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking.
network
low complexity
cesanta CWE-120
7.5
2019-11-26 CVE-2019-19307 Infinite Loop vulnerability in Cesanta Mongoose 6.16
An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet.
network
low complexity
cesanta CWE-835
7.5
2019-07-11 CVE-2019-13503 Out-Of-Bounds Read vulnerability in Cesanta Mongoose 6.15
mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read.
network
low complexity
cesanta CWE-125
5.0
2019-06-24 CVE-2019-12951 Out-Of-Bounds Write vulnerability in Cesanta Mongoose
An issue was discovered in Mongoose before 6.15.
network
low complexity
cesanta CWE-787
7.5
2019-06-10 CVE-2018-20356 Use After Free vulnerability in Cesanta Mongoose
An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
network
low complexity
cesanta CWE-416
7.5
2019-06-10 CVE-2018-20355 Use After Free vulnerability in Cesanta Mongoose
An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
network
low complexity
cesanta CWE-416
7.5
2019-06-10 CVE-2018-20354 Use After Free vulnerability in Cesanta Mongoose
An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
network
low complexity
cesanta CWE-416
7.5